Microsoft is planning to release nine bulletins, three critical, as part of the July edition of its Patch Tuesday monthly update cycle. One of the three crucial advisories is expected* to offer patches for a serious XML Core Services vulnerability, disclosed but not fixed in June’s Patch Tuesday. This vulnerability has been …
What happened to
Your Patch Tuesday article for June?
There were quite a few patches last month too.
Common theme, common prevention.
An attacker who successfully exploited this vulnerability could gain the same user rights as the logged on user.
[broken-record] Running as a non-admin would prevent anything exploiting this from breaking the OS. [/broken-record]
(I want to see a "nothing to see here, move along" icon.)
..all your Corporate Drone User Files (think weapons blueprints) might be shipped to Moldavia. Or Shenzen. Or Pyongyang.
Yeah, sandboxing should catch it, but only if there is a sandbox involved. Is your MS Office OOXML parser sandboxed ?? Not ? You better use a different account to view any external *docx or *xlsx.
What ? You braindead corpo policy forbids more than one account per drone ? Sorry, you and your files are stuffed.
That's not an XML bug...
That's a Microsoft bug. Get your headlines right!
Re: That's not an XML bug...
Umm, I read the title as being Microsoft's implementation being at fault, rather than XML per se. I can't really see where you got the Register blaming XML as a whole.
Have they re-issued the Browser Choice program?
It seems to have re-appeared on my Windows Update, but I haven't installed it. Given recent developments, how do I know it isn't teh vvrus?
In other news, my flaky Dell Latitude ST seems to be even flakier since I installed Opera 12.00. I've decided to run any novel web sites in Firefox instead. Teh Register seems to be able to make Opera crash my Dell. Maybe the new plugin handler...
Re: Have they re-issued the Browser Choice program?
I've noticed that The Reg site sends my Opera browser at home to nigh on 100% CPU on Win7/64bit, but not at work on the same...
Hardly a Zero Day vulnerability now if M$ disclosed it in June.
Removes OS and Software.
Keep away from IE !
- Twitter: La la la, we have not heard of any NUDE JLaw, Upton SELFIES
- China: You, Microsoft. Office-Windows 'compatibility'. You have 20 days to explain
- Apple to devs: NO slurping users' HEALTH for sale to Dark Powers
- Is that a 64-bit ARM Warrior in your pocket? No, it's MIPS64
- Apple 'fesses up: Rejected from the App Store, dev? THIS is why